
Since Malware removal, cannot access files & programmes

RKinner

Posted 14 September 2013 - 03:10 PM


Starting to smell like a hard drive problem.

1. Double-click My Computer, and then right-click the hard disk that you want to check (C:).
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed.
4. Check both boxes and then click Start.

You will receive the following message:

The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?

Click Yes to schedule the disk check, but don't restart yet.

Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application. Reboot. The disk check will run and will probably take an hour or more to finish.

Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).

sfc /scannow

(SPACE after sfc. This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD just tell it to SKIP.)

1. Please download the Event Viewer Tool by Vino Rosso: http://images.malwar...om/vino/VEW.exe and save it to your Desktop.
2. Right-click VEW.exe and Run as Administrator.
3. Under 'Select log to query', select:
   * System
4. Under 'Select type to list', select:
   * Error
   * Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'.
2. Type 20 in the 1 to 20 box.
3. Then click the Run button.

Notepad will open with the output log.

Please post the Output log in your next reply then repeat but select Application.

Ron


GrahamH

Posted 15 September 2013 - 08:09 AM


OK I have followed the first part of your instructions up to scheduling a disk check. However, when I right click Computer and then Manage, nothing happens. It doesn't go to Event viewer or Windows logs.

Posted 15 September 2013 - 08:14 AM

GrahamH

Posted 15 September 2013 - 11:00 AM

Scans finally completed.
Here are the logs for System and Application:-

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 15/09/2013 17:51:56

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 31/08/2013 20:05:02
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 06/07/2013 21:12:47
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 25/06/2013 10:43:11
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 12/06/2013 19:26:52
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 15/09/2013 16:22:58
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: %%-2140993535

Log: 'System' Date/Time: 15/09/2013 16:22:58
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: %%-2140993535

Log: 'System' Date/Time: 15/09/2013 16:22:48
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: %%-2140993535

Log: 'System' Date/Time: 15/09/2013 16:21:58
Type: Error Category: 0
Event: 31004 Source: Microsoft-Windows-SharedAccess_NAT
The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.

Log: 'System' Date/Time: 15/09/2013 14:19:15
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: %%-2140993535

Log: 'System' Date/Time: 15/09/2013 13:44:24
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: %%-2140993535

Log: 'System' Date/Time: 15/09/2013 13:44:24
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: %%-2140993535

Log: 'System' Date/Time: 15/09/2013 13:44:17
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: %%-2140993535

Log: 'System' Date/Time: 14/09/2013 19:31:50
Type: Warning Category: 0
Event: 34005 Source: Microsoft-Windows-SharedAccess_NAT
The ICS_IPV6 was unable to allocate bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.

Log: 'System' Date/Time: 14/09/2013 19:31:16
Type: Warning Category: 0
Event: 34005 Source: Microsoft-Windows-SharedAccess_NAT
The ICS_IPV6 was unable to allocate bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.

Log: 'System' Date/Time: 13/09/2013 21:22:15
Type: Warning Category: 0
Event: 34005 Source: Microsoft-Windows-SharedAccess_NAT
The ICS_IPV6 was unable to allocate bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.

Log: 'System' Date/Time: 13/09/2013 21:22:13
Type: Warning Category: 0
Event: 34005 Source: Microsoft-Windows-SharedAccess_NAT
The ICS_IPV6 was unable to allocate bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.

Log: 'System' Date/Time: 13/09/2013 19:58:11
Type: Warning Category: 0
Event: 8021 Source: BROWSER
The browser service was unable to retrieve a list of servers from the browser master \\SJH-TOSH on the network \Device\NetBT_Tcpip_{8577256D-52AC-4960-A22E-7CCB8D8553EF}. Browser master: \\SJH-TOSH Network: \Device\NetBT_Tcpip_{8577256D-52AC-4960-A22E-7CCB8D8553EF} This event may be caused by a temporary loss of network connectivity. If this message appears again, verify that the server is still connected to the network. The return code is in the Data text box.

Log: 'System' Date/Time: 12/09/2013 19:37:44
Type: Warning Category: 0
Event: 34005 Source: Microsoft-Windows-SharedAccess_NAT
The ICS_IPV6 was unable to allocate bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.

Log: 'System' Date/Time: 12/09/2013 19:37:43
Type: Warning Category: 0
Event: 34005 Source: Microsoft-Windows-SharedAccess_NAT
The ICS_IPV6 was unable to allocate bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Right click and Paste or Edit then Paste and the copied line should appear. Hit Enter. Do you get any errors?

GrahamH

Posted 15 September 2013 - 03:52 PM

Have tried to attach the print screen for the error message but having problems. When trying to save the image to desktop it says "save operation has been interrupted. Image has not been saved."

Tried copying the 5 lines and error messages appeared on Command Prompt:-
C:\users\marion>Takeown/f:windir:winsxs\filemaps\*/a ERROR: The currently logged on user does not have administrative privileges

GrahamH

Posted 16 September 2013 - 05:13 AM

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 16/09/2013 12:06:42

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 31/08/2013 20:05:02
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 06/07/2013 21:12:47
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 25/06/2013 10:43:11
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 12/06/2013 19:26:52
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 16/09/2013 10:23:47
Type: Error Category: 0
Event: 31004 Source: Microsoft-Windows-SharedAccess_NAT
The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.

Log: 'System' Date/Time: 16/09/2013 10:23:44
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: %%-2140993535

Log: 'System' Date/Time: 16/09/2013 10:23:43
Type: Error Category: 0
Event: 31004 Source: Microsoft-Windows-SharedAccess_NAT
The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.

Log: 'System' Date/Time: 16/09/2013 10:23:35
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: %%-2140993535

Log: 'System' Date/Time: 16/09/2013 10:23:35
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: %%-2140993535

Log: 'System' Date/Time: 16/09/2013 10:23:24
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: %%-2140993535

Log: 'System' Date/Time: 16/09/2013 10:11:01
Type: Error Category: 0
Event: 30013 Source: Microsoft-Windows-SharedAccess_NAT
The DHCP allocator has disabled itself on IP address 192.168.0.2, since the IP address is outside the 192.168.137.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, change the scope to include the IP address, or change the IP address to fall within the scope.

Log: 'System' Date/Time: 16/09/2013 10:11:01
Type: Warning Category: 0
Event: 34005 Source: Microsoft-Windows-SharedAccess_NAT
The ICS_IPV6 was unable to allocate bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 16/09/2013 12:09:23

By the way, by accident, I have found that xls and Word documents sent as attachments to my Yahoo email address won't open with Microsoft Starter 2010, which was installed when I got the laptop. However, they will open in Gmail with Google sheets and Google view.
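The reports posted above repeat the same few events many times, which makes the recurring faults hard to see at a glance. As an added example (not part of the thread and not a feature of VEW), this Python code parses the VEW text format shown in the posts and tallies records by type, event ID and source; the function names are hypothetical and the sample messages are shortened from the posted reports.

```python
import re
from collections import defaultdict
from datetime import datetime

# Each VEW record: three header lines, then one line of message text.
RECORD = re.compile(
    r"Log: '(?P<log>[^']+)' Date/Time: (?P<ts>[\d/]+ [\d:]+)[ \t\r]*\n"
    r"Type: (?P<type>\w+) Category: \d+[ \t\r]*\n"
    r"Event: (?P<id>\d+) Source: (?P<source>[^\n]+?)[ \t\r]*\n"
    r"(?P<msg>[^\n]*)")

def parse_vew(report):
    """Yield one dict per record; the report header says dates are dd/mm/yyyy."""
    for m in RECORD.finditer(report):
        rec = m.groupdict()
        rec["ts"] = datetime.strptime(rec["ts"], "%d/%m/%Y %H:%M:%S")
        rec["id"] = int(rec["id"])
        yield rec

def summarize(report):
    """Group by (type, event id, source): count, first seen, last seen."""
    groups = defaultdict(list)
    for rec in parse_vew(report):
        groups[(rec["type"], rec["id"], rec["source"])].append(rec["ts"])
    rows = [(key, len(ts), min(ts), max(ts)) for key, ts in groups.items()]
    return sorted(rows, key=lambda r: (-r[1], r[0]))  # most frequent first

# Sample: records taken from the reports in this thread, messages shortened.
SAMPLE = """\
Log: 'System' Date/Time: 31/08/2013 20:05:02
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first.

Log: 'System' Date/Time: 16/09/2013 10:23:44
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Peer Networking Grouping service depends on a service which failed to start.

Log: 'System' Date/Time: 16/09/2013 10:23:35
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Peer Networking Grouping service depends on a service which failed to start.
"""

if __name__ == "__main__":
    for (etype, eid, source), count, first, last in summarize(SAMPLE):
        print(f"{count:>3}x {etype:<8} {eid:<6} {source}  {first} .. {last}")
```

Saving a full VEW report to a file and passing its text to `summarize` gives one row per distinct event, so a service that fails on every boot stands out from one-off errors.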

RKinner

Posted 17 September 2013 - 08:44 AM


OK.

then see if you can do the fixit for ipv6 manually:

Click Start, type

regedit

in the Start Search box, and then click regedit.exe in the Programs list. In the User Account Control dialog box, click Continue. In Registry Editor, locate and then click the following registry subkey:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters

Double-click DisabledComponents (should be in the right pane) to change the DisabledComponents entry.

Note If the DisabledComponents entry is unavailable, you must create it. To do this, follow these steps:

In the Edit menu, point to New, and then click DWORD (32-bit) Value. Type DisabledComponents, and then press ENTER. Double-click DisabledComponents.

Type the following values in the Value data field to configure the IPv6 protocol to the desired state, and then click OK:

Type 0xffffffff to disable all IPv6 components except the IPv6 loopback interface. This value also configures Windows to prefer using IPv4 over IPv6 by changing entries in the prefix policy table. For more information, see Source and Destination Address Selection.

By default it installs the tool in C:\Program Files\Windows Resource Kits\Tools\

Please allow it to do so.

Download and Save the attached file, reset.zip, right click on it and Extract all and copy the reset.cmd file to C:\Program Files\Windows Resource Kits\Tools\. Copy the next two lines:

cd "\Program Files\Windows Resource Kits\Tools"
reset.cmd

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Right click and Paste or Edit then Paste and the copied line should appear. Hit Enter. This will take a while.